Black Basta Ransomware: What You Need to Know

Sept. 20, 2024, 11:41 a.m.

Description

Black Basta is a ransomware-as-a-service group that emerged in April 2022, known for double extortion tactics. They target organizations globally, particularly in North America, Europe, and Australia, affecting over 500 entities across various industries. Initial access is gained through phishing, Qakbot, Cobalt Strike, and vulnerability exploitation. The group uses tools like Mimikatz for credential theft and lateral movement. Their process involves data exfiltration using Rclone, followed by file encryption using the ChaCha20 algorithm. The ransomware disables system defenses, deletes shadow copies, and leaves a ransom note. Black Basta has been linked to the FIN7 threat actor due to similarities in EDR evasion techniques.

Date

  • Created: Sept. 20, 2024, 11:21 a.m.
  • Published: Sept. 20, 2024, 11:21 a.m.
  • Modified: Sept. 20, 2024, 11:41 a.m.

Indicators


Attack Patterns

  • Black Basta - S1070
  • QuackBot
  • Pinkslipbot
  • QakBot - S0650
  • SystemBC
  • QBot
  • Cobalt Strike - S0154
  • Black Basta

Additional Information

  • Critical Infrastructure
  • Australia
  • United States of America

Linked vulnerabilities